Search
j0ke.net Open Build Service
>
Projects
>
devel
:
ruby
>
rubygem-actionpack-2_0
> Changes
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
Changes of Revision 2
[-]
[+]
Added
rubygem-actionpack-2_0.changes
@@ -0,0 +1,201 @@ +------------------------------------------------------------------- +Thu Jan 17 15:43:46 CET 2008 - mrueckert@suse.de + +- update to version 1.13.6 + * Correct Broken Fix for session_fixation attacks + * Ensure that cookies handle array values correctly. + Closes #9937 [queso] +- branch new packge rubygem-actionpack-1_13 to allow parallel + installation of multiple major branches +- removed rubygem-actionpack-1.13.x_session_fixation_attack.patch + included in update + +------------------------------------------------------------------- +Fri Nov 23 00:33:20 CET 2007 - mrueckert@suse.de + +- updated rubygem-actionpack-1.13.x_session_fixation_attack.patch + new name rubygem-actionpack-1.13.x_session_fixation_attack_v2.patch: + The original upstream patch only worked for the first request. + Do not delete the cookie_only option from the session options. + (#332441) (CVE-2007-6077) + +------------------------------------------------------------------- +Wed Oct 17 16:48:01 CEST 2007 - mrueckert@suse.de + +- added rubygem-actionpack-1.13.x_session_fixation_attack.patch: + Reject session informations from the query string (#332441) + (CVE-2007-5380) + +------------------------------------------------------------------- +Wed Oct 17 17:52:39 CEST 2007 - mrueckert@suse.de + +- update to version 1.13.5 + * Backport: allow array and hash query parameters. Array route + parameters are converted/to/a/path as before. + #6765, #7047, #7462 + [bgipsy, Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou] + * Fix in place editor's setter action with non-string fields. + #7418 [Andreas] +- additional changes from version 1.13.4 + * Only accept session ids from cookies, prevents session fixation + attacks. [bradediger] (CVE-2007-5380) (bnc #332441) + * Change the resource seperator from ; to / change the generated + routes to use the new-style named routes. e.g. + new_group_user_path(@group) instead of + group_new_user_path(@group). [pixeltrix] + * Integration tests: introduce methods for other HTTP methods. + #6353 [caboose] + * Improve performance of action caching. Closes #8231 [skaes] + * Fix errors with around_filters which do not yield, restore 1.1 + behaviour with after filters. Closes #8891 [skaes] + After filters will *no longer* be run if an around_filter fails + to yield, users relying on this behaviour are advised to put + the code in question after a yield statement in an around + filter. + * Allow you to delete cookies with options. + Closes #3685 [josh, Chris Wanstrath] + * Deprecate pagination. Install the classic_pagination + plugin for forward compatibility, or move to the superior + will_paginate plugin. #8157 [Mislav Marohnic] + * Fix filtered parameter logging with nil parameter values. + #8422 [choonkeat] + * Integration tests: alias xhr to xml_http_request and add a + request_method argument instead of always using POST. + #7124 [Nik Wakelin, Francois Beausoleil, Wizard] + * Document caches_action. #5419 [Jarkko Laine] + * observe_form always sends the serialized form. + #5271 [manfred, normelton@gmail.com] + * Update UrlWriter to accept :anchor parameter. + Closes #6771. [octopod] + * Replace the current block/continuation filter chain handling by + an implementation based on a simple loop. + Closes #8226 [Stefan Kaes] + * Return the string representation from an Xml Builder when + rendering a partial. #5044 [tpope] + * Cleaned up, corrected, and mildly expanded ActionPack + documentation. Closes #7190 [jeremymcanally] + * Small collection of ActionController documentation cleanups. + Closes #7319 [jeremymcanally] + * Performance: patch cgi/session/pstore to require digest/md5 + once rather than per #initialize. #7583 [Stefan Kaes] + * Deprecation: verification with :redirect_to => :named_route + shouldn't be deprecated. #7525 [Justin French] + +------------------------------------------------------------------- +Mon May 14 16:32:28 CEST 2007 - mrueckert@suse.de + +- update to version 1.13.3: + * Fix a bug in Routing where a parameter taken from the path of + the current request could not be used as a query parameter for + the next. #6752 [Nicholas Seckar] + * session_enabled? works with session :off. #6680 [Catfish] + * Performance: patch cgi/session to require digest/md5 once + rather than per #create_new_id. [Stefan Kaes] +- additional changes from 1.13.2: + * Add much-needed html-scanner tests. Fixed CDATA parsing bug. + [Rick] + * improve error message for Routing for named routes. + [Rob Sanheim] + * Added enhanced docs to routing assertions. [Rob Sanheim] + * fix form_for example in ActionController::Resources + documentation. [gnarg] + * Add singleton resources from trunk [Rick Olson] + * select :multiple => true suffixes the attribute name with [] + unless already suffixed. #6977 [nik.kakelin, ben, julik] + * Improve routes documentation. #7095 [zackchandler] + * Resource member routes require :id, eliminating the ambiguous + overlap with collection routes. #7229 [dkubb] + * Fixed NumberHelper#number_with_delimiter to use "." always + for splitting the original number, not the delimiter + parameter #7389 [ceefour] + * Autolinking recognizes trailing and embedded . , : ; + #7354 [Jarkko Laine] + * Make TextHelper::auto_link recognize URLs with colons in + path correctly, fixes #7268. [imajes] + * Improved auto_link to match more valid urls correctly + [Tobias Luetke] + +------------------------------------------------------------------- +Wed Jan 24 00:57:59 CET 2007 - mrueckert@suse.de + +- update to version 1.13.1: + update for rails 1.2.1. Too many changes to mention them here. + see /usr/lib*/ruby/gems/1.8/gems/actionpack-1.13.1/CHANGELOG + +------------------------------------------------------------------- +Fri Aug 11 02:33:25 CEST 2006 - mrueckert@suse.de + +- update to version 1.12.5: + * update for the previous security fix + +------------------------------------------------------------------- +Thu Aug 10 12:40:16 CEST 2006 - mrueckert@suse.de + +- update to version 1.12.4: + * Documentation fix: integration test scripts don't require + integration_test. (rails:#4914) [Frederick Ros <sl33p3r@free.fr>] + * ActionController::Base Summary documentation rewrite. + (rails:#4900) [kevin.clark@gmail.com] + * Fix text_helper.rb documentation rendering. + (rails:#4725) [Frederick Ros] + * Fixes bad rendering of JavaScriptMacrosHelper rdoc. + (rails:#4910) [Frederick Ros] + * Enhance documentation for setting headers in integration tests. + Skip auto HTTP prepending when its already there. + (rails:#4079) [Rick Olson] + * Documentation for AbstractRequest. + (rails:#4895) [kevin.clark@gmail.com] + * Remove all remaining references to @params in the documentation. + [Marcel Molina Jr.] + * Add documentation for redirect_to :back's RedirectBackError + exception. [Marcel Molina Jr.] + * Update layout and content_for documentation to use yield rather + than magic @content_for instance variables. [Marcel Molina Jr.] + * Cache CgiRequest#request_parameters so that multiple calls + don't re-parse multipart data. [Rick] + * Fixed that remote_form_for can leave out the object parameter + and default to the instance variable of the object_name, + just like form_for [DHH] + * Added ActionController.filter_parameter_logging that makes it + easy to remove passwords, credit card numbers, and other + sensitive information from being logged when a request is + handled. (rails:#1897) [jeremye@bsa.ca.gov] + * Fixed that real files and symlinks should be treated the same + when compiling templates. + (rails:#5438) [zachary@panandscan.com] + * Add :status option to send_data and send_file. Defaults to + '200 OK'. (rails:#5243) + [Manfred Stienstra <m.stienstra@fngtps.com>] + * Update documentation for erb trim syntax. + (rails:#5651) [matt@mattmargolis.net] + * Short documentation to mention use of Mime::Type.register. + (rails:#5710) [choonkeat@gmail.com] + +------------------------------------------------------------------- +Sat Jul 1 04:21:38 CEST 2006 - mrueckert@suse.de + +- update to version 1.12.3: + * Fix broken traverse_to_controller. We now: + Look for a _controller.rb file under RAILS_ROOT to load. + If we find it, we require_dependency it and return the + controller it defined. (If none was defined we stop looking.) + If we don't find it, we look for a .rb file under RAILS_ROOT + to load. If we find it, and it loads a constant we keep + looking. Otherwise we check to see if a directory of the same + name exists, and if it does we create a module for it. + * Refinement to avoid exceptions in traverse_to_controller. + * (Hackish) Fix loading of arbitrary files in Ruby's load path + * by traverse_to_controller. [Nicholas Seckar] + +------------------------------------------------------------------- +Wed Jun 21 01:06:03 CEST 2006 - mrueckert@suse.de + +- use rubygems_with_buildroot_patch instead of the versioned + buildrequires + +------------------------------------------------------------------- +Mon Jun 19 18:37:41 CEST 2006 - mrueckert@suse.de + +- Initial package version 1.12.1
